US Federal Agency Hacked By Exploiting Telerik Vulnerability in IIS Server

As a result of a joint effort of the CISA, FBI, and MS-ISAC, a public advisory was published recently.

This public advisory claims that between November 2022 and the beginning of January 2023, attackers gained access to the server of the US Federal Agency Telerik vulnerability.

The joint CSA has provided all the TTPs used to IT, and infrastructure defenders, in order for them to detect and protect against similar, successful CVE-2019-18935 exploits.

At least two threat actors have exploited this Telerik UI vulnerability (CVE-2019-18935) to gain remote control over the unpatched server.

Threat Actor Activity

APT threat actors have been identified by CISA and authoring organizations as a part of the ongoing investigation.

The APT actors include a group known as Threat Actor 1 (TA1) and a group with a history of conducting cybercrime under the name XE Group.

It has been shown that threat actors uploaded malicious dynamic-link ...